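PowerShell: retrieving a certificate by Thumbprint using a literal string vs. a string variable

Question  Votes: 2  Answers: 1

I'm trying to piece together some PowerShell code that loops through a list of servers, returns some information about their IIS sites and bindings, and, if they have an https binding, gets the certificateHash, uses it to locate the cert by thumbprint, and returns its expiration date.

The problem I'm having is that when I run my code, $binding.certificateHash seems to return what I'd expect, a string with the cert hash, but when I use that certificateHash property to try to get the cert by its thumbprint, it doesn't work... yet when I take the raw string value of the certificateHash and hard-code it, it works...

I've checked certificateHash.GetType() and it appears to be just a string, so I don't understand what I'm doing wrong. I've tried a few things to no avail; granted, this is my first crack at PowerShell, so there's a lot I don't know.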

$sites = Invoke-Command  -ComputerName $serverName { Import-Module WebAdministration; Get-ChildItem -path IIS:\Sites }  -ErrorAction SilentlyContinue 

foreach($site in $sites)
{
   $serverName
   $site.name
   $site.physicalPath

   foreach($binding in $site.bindings.Collection)
   {
        $binding.protocol 
        $binding.bindingInformation 
        $binding.certificateHash 
        $binding.certificateStoreName

        if($binding.certificateHash)
        {
            # This outputs AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
            $binding.certificateHash 

            # this retrieves a cert and returns its expiration date, Woohooo!
            Start-Job  Invoke-Command -ComputerName  $serverName -ScriptBlock  { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" })[0].GetExpirationDateString() }         

            # this does not find a cert, and I've tried many things, and no dice.
            Start-Job  Invoke-Command -ComputerName  $serverName -ScriptBlock  { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq $binding.certificateHash })[0].GetExpirationDateString() }                        

            # i've tried extracting the hash via "tostring" and using that, no dice
            $hash = $binding.certificateHash.ToString() 
            Start-Job  Invoke-Command -ComputerName  $serverName -ScriptBlock  { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq $hash })[0].GetExpirationDateString() }                       

            # i've tried adding some wildcards and using the -like operator, no dice.
            $hash = "*" + $binding.certificateHash + "*" 
            Start-Job  Invoke-Command -ComputerName  $serverName -ScriptBlock  { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -like $hash })[0].GetExpirationDateString() }
        }
   }      
}

Sample output for a site:

  • Site1
  • d:\APPS\SITE1
  • http
  • *:80:Site1-test.ourdomain.com
  • https
  • *:443:Site1-test.ourdomain.com
  • AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  • WebHosting
powershell iis ssl-certificate invoke-command
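1 Answer
2
votes

The computer on which you invoke the script block doesn't know about the $binding variable in your local session. (That's also why it works when you pass a literal string.)

Try passing the value as a parameter: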

Invoke-Command -Computer $serverName -Script {
   param ($hash)
   (gci Cert:\LocalMachine\WebHosting | ? Thumbprint -eq $hash)[0].GetExpirationDateString()
} -Arg $binding.certificateHash
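
The scoping rule described in the answer, as an added example that is not part of the original question or answer: it uses the `$using:` scope modifier (PowerShell 3.0+) as an alternative to `param`/`-ArgumentList`, and reports a missing certificate instead of indexing `[0]` into an empty result. The function name `Get-BindingCertExpiry` and the server name `web01` are assumptions made for illustration.

```powershell
# Added example. Get-BindingCertExpiry is a hypothetical helper name.
function Get-BindingCertExpiry {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StoreName = 'WebHosting'
    )
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # $using: copies the caller's values into the remote session.
        $store = $using:StoreName
        $thumb = $using:Thumbprint
        $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $thumb } |
            Select-Object -First 1
        # Report a miss as data rather than indexing [0] into an empty result.
        [pscustomobject]@{
            Thumbprint = $thumb
            Found      = [bool]$cert
            Subject    = if ($cert) { $cert.Subject }
            NotAfter   = if ($cert) { $cert.NotAfter }
        }
    }
}

# Local demonstration of the scoping rule; Start-Job also runs its script
# block in a separate session. The thumbprint is the placeholder from the question.
$hash = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
$unsetInJob = Start-Job { $null -eq $hash } | Receive-Job -Wait -AutoRemoveJob
$valueInJob = Start-Job { $using:hash }     | Receive-Job -Wait -AutoRemoveJob
"Plain `$hash undefined inside the job: $unsetInJob"
"`$using:hash inside the job:          $valueInJob"

# Usage against a server (constructed name):
# Get-BindingCertExpiry -ComputerName 'web01' -Thumbprint $binding.certificateHash
```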